CVE-2026-53240

A flaw was found in the Linux kernel's xfrm: iptfs component. A race condition during partial packet reassembly in the inputprocesspayload function can lead to a use-after-free vulnerability. This occurs when a concurrent process frees a packet buffer skb before it is checked, allowing subsequent...

EUVD-2026-39191

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix use-after-free on firstskb in inputprocesspayload inputprocesspayload stores firstskb into xtfs-ranewskb under droplock when starting partial reassembly, then unlocks and breaks out of the processing loop. The...

EUVD-2026-39330

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrmpolicybyselctx Fix the race by pruning the bin while still holding xfrmpolicylock, before dropping it. Use xfrmpolicyinexactprunebin directly since the lock is already held...

CVE-2026-53239

The CVE-2026-53239 entry documents a Linux kernel race in the xfrm policy subsystem leading to a use-after-free of an inexact bin in xfrm_policy_bysel_ctx(). The issue arises when CPU0 handles XFRM_MSG_DELPOLICY and CPU1 handles XFRM_MSG_NEWSPDINFO, with a window where a freed bin is referenced a...

CVE-2026-53240

The CVE-2026-53240 issue affects the Linux kernel xfrm/iptfs path where __input_process_payload() stores first_skb into ra_newskb and later reads it after unlocking, allowing a race with iptfs_reassem_cont() to free the skb and trigger a use-after-free. The patch replaces the unlocked read with a...

CVE-2026-53240

In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: fix use-after-free on firstskb in inputprocesspayload inputprocesspayload stores firstskb into xtfs-ranewskb under droplock when starting partial reassembly, then unlocks and breaks out of the processing loop. The...

CVE-2026-53239

In the Linux kernel, the following vulnerability has been resolved: xfrm: policy: fix use-after-free on inexact bin in xfrmpolicybyselctx Fix the race by pruning the bin while still holding xfrmpolicylock, before dropping it. Use xfrmpolicyinexactprunebin directly since the lock is already held...

UBUNTU-CVE-2026-52932

In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the outfreereq label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success...

CVE-2026-52935

In the Linux kernel, the following vulnerability has been resolved: xfrm: espintcp: do not reuse an in-progress partial send espintcp keeps a single in-flight transmit in ctx-partial. Before building a new skmsg, espintcpsendmsg first tries to flush that state through espintcppushmsgs. For blocki...

EUVD-2026-38702

In the Linux kernel, the following vulnerability has been resolved: xfrm: ipcomp: Free destination pages on acomp errors Move the outfreereq label up by a couple of lines so that the allocated dst SG list gets freed on error as well as success...

Ubuntu 20.04 LTS : Linux kernel (Oracle) vulnerabilities (USN-8462-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8462-1 advisory. It was discovered that the Linux kernel algifaead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: IB/mad: Don't call to function that might sleep while in atomic context CVE-2022-50472 In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xfrm: Fixed the leak from the dev tracker. At the stage of direction checks, the netdev reference tracker is already initialized, but it is released with the wrong put call...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: In the TCP layer, the secpath process is dropped simultaneously with the current dropping of the dst. Xiumei reported encountering a warning in xfrm6tunnelnetexit while running tests that involve creating a pair of netns, running...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: xfrm: unexport init-annotated xfrm4protocolinit EXPORTSYMBOL and init are a poor combination, as the .init.text section is freed after initialization. As a result, modules cannot use symbols annotated with init. Access to a...

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: xfrm: The issue occurs in the error path of the xfrmpolicycheck function. When the fetching process of the object pols1 fails, the function simply returns 0, without decrementing the reference count of pols0. This happens either...

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: xfrm: Reinjecting transport-mode packets through the workqueue. The following warning is displayed when the tcp6-multi-diffip11 stress test case of the LTP test suite is tested: watchdog: BUG: Soft lockup – CPU0 stuck for 22...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: xfrm: State: Initialize stateptrs earlier in xfrmstatefind In cases of preemption, xfrmstatelookat will find a different pcpuid and look up states for that other CPU. If a state is matched for CPU2 in the statecache while the...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: xfrm: Policy: Fix metadata dst-dev xmit null pointer dereference When we try to transmit an skb with metadatadst attached i.e., dst-dev == NULL through the xfrm interface, we may encounter a null pointer dereference in xfrmixmit2...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: xfrm: Validates the prefix length of new SA entries using the SA family, when sel.family is unset. This extends the validation introduced in commit 07bf7908950a “xfrm: Validates address prefix lengths in the xfrm selector”. The...